Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unwanted music/radio stations playing in the background automatically


  • This topic is locked This topic is locked
54 replies to this topic

#1 pike steamer

pike steamer

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 03 May 2014 - 03:07 PM

Music or radio stations start playing automatically. It appears to be the same stations and commercial over and over. When I disconnect Internet connection they play out and then stop. Task manager shows nothing running. This is using up 100% of system resources. I have McAfee installed, I have tried Malwarebytes, Superantispyware, spy bot, and Kaspersky with no luck in regular mode and safe mode.

I am by no means good with computers. I do fear that I have a virus/malware.

All help appreciated

BC AdBot (Login to Remove)

 


m

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:33 PM

Posted 03 May 2014 - 04:20 PM




Hello pike steamer

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.
.





I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
.





I would also like to get some extra information on one of the files on the computer

Run FRST like you did before and Type the following in the edit box after "Search:".

rpcss.dll

It then should look like:

Search: rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 pike steamer

pike steamer
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 03 May 2014 - 10:03 PM

Thank you for your help Here are the logs

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014
Ran by Michael (administrator) on MICHAEL-PC on 03-05-2014 21:46:02
Running from C:\Users\Michael\Downloads
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1e90062d\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Corporation) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Agere Systems) C:\Windows\System32\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Seagate LLC) C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(Memeo Inc.) C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
(Webshots.com) C:\Program Files\Webshots\Webshots.scr
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-25] (Seagate LLC)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-05-04] (Memeo Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-09-05] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5235128 2012-06-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [103936 2013-07-23] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2534936 2014-02-24] (Sony Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\Run: [OE] => C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\...\Run: [OE] => C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [OE] => C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
HKU\S-1-5-21-2627946329-1160931553-1345559103-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-15] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2627946329-1160931553-1345559103-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-2627946329-1160931553-1345559103-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-2627946329-1160931553-1345559103-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
HKU\S-1-5-21-2627946329-1160931553-1345559103-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe [814984 2013-08-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-2627946329-1160931553-1345559103-1000\...\MountPoints2: {47517bca-6730-11e3-b8d5-00238ba7148e} - "F:\WD Drive Unlock.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> C:\Program Files\Webshots\Launcher.exe (Webshots.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - (No Name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {C299A347-D117-4200-8C95-A0A570E62019} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM - {47737E1B-4C2E-4A26-A6F9-03C36CD369FF} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {C299A347-D117-4200-8C95-A0A570E62019} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM-x32 - DefaultScope {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = http://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7b91635ed5-3c94-4ae6-b873-a7d93b133c8e%7d&q={searchTerms}
SearchScopes: HKLM-x32 - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = http://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7b91635ed5-3c94-4ae6-b873-a7d93b133c8e%7d&q={searchTerms}
SearchScopes: HKLM-x32 - {47737E1B-4C2E-4A26-A6F9-03C36CD369FF} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {C299A347-D117-4200-8C95-A0A570E62019} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKCU - DefaultScope {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = http://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7b91635ed5-3c94-4ae6-b873-a7d93b133c8e%7d&q={searchTerms}
SearchScopes: HKCU - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = http://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7b91635ed5-3c94-4ae6-b873-a7d93b133c8e%7d&q={searchTerms}
SearchScopes: HKCU - {47737E1B-4C2E-4A26-A6F9-03C36CD369FF} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130810050438.dll (McAfee, Inc.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130810050439.dll (McAfee, Inc.)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll No File
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\2cs8kgkc.default
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=1.0.3.69 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: @unity3d.com/UnityPlayer - C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: npEpicPlayDisplayHost - C:\Program Files (x86)\EpicPlay\npEpicHost.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corp.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll (Catalina Marketing Corp.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension:  EpicPlay Games  - C:\Users\Michael\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@epicplay.com [2011-11-02]
FF Extension:  EpicPlay Games  - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\2cs8kgkc.default\Extensions\textlinks@epicplay.com [2011-11-02]
FF Extension: ShopAtHome.com Intelligent Shopping Toolbar - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\2cs8kgkc.default\Extensions\toolbar@shopathome.com [2011-10-07]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\2cs8kgkc.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-08-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-11-19]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-20]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-17]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-08-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-17]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-31]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-31]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-31]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-31]
CHR Extension: (Skype Click to Call) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-01-31]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-31]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-31]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1e90062d\AESTSr64.exe [89088 2008-06-27] (Andrea Electronics Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-15] (Garmin Ltd or its subsidiaries)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-09-05] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [201864 2013-08-10] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [210056 2012-08-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2013-08-10] (McAfee, Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481816 2014-02-24] (Sony Corporation)
S4 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-06-29] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1e90062d\STacSV64.exe [279040 2008-10-26] (IDT, Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1151424 2012-06-14] (Western Digital )
R2 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [119296 2009-06-26] (WDC)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-06-14] (Western Digital )
S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1

==================== Drivers (Whitelisted) ====================

S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2010-06-09] (LeapFrog)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160952 2013-08-10] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [274880 2013-08-10] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [665768 2013-08-10] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2013-08-10] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [303464 2013-08-10] (McAfee, Inc.)
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2009-03-31] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 swmsflt; C:\Windows\System32\DRIVERS\swmsflt.sys [34304 2009-12-02] ()
S3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [202248 2009-12-02] (Sierra Wireless Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [194640 2010-08-08] (Trend Micro Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]
U2 TMAgent;
S3 x64kdss; syswow64\Drivers\x64kdss.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-03 21:46 - 2014-05-03 21:46 - 00028780 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-05-03 21:45 - 2014-05-03 21:46 - 00000000 ____D () C:\FRST
2014-05-03 21:43 - 2014-05-03 21:44 - 02062336 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-05-03 14:04 - 2014-05-03 14:04 - 03077584 _____ (Symantec Corporation) C:\Users\Michael\Downloads\NPE.exe
2014-05-03 13:59 - 2014-05-03 14:01 - 00001684 _____ () C:\Users\Michael\Desktop\Rkill.txt
2014-05-03 13:59 - 2014-05-03 13:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Michael\Downloads\rkill.com
2014-05-03 13:59 - 2014-05-03 13:59 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Michael\Downloads\rkill64.com
2014-04-30 10:33 - 2014-04-30 10:33 - 00000984 _____ () C:\Users\Michael\Desktop\Kaspersky Security Scan.lnk
2014-04-30 10:33 - 2014-04-30 10:33 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-04-30 10:32 - 2014-04-30 10:32 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-30 10:32 - 2014-04-30 10:32 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-04-29 19:04 - 2014-04-29 19:04 - 00000000 ____D () C:\SUPERDelete
2014-04-28 20:14 - 2014-04-28 20:15 - 02405568 _____ (Trend Micro Inc.) C:\Users\Michael\Downloads\HousecallLauncher64(1).exe
2014-04-28 20:12 - 2014-04-28 20:13 - 02405568 _____ (Trend Micro Inc.) C:\Users\Michael\Downloads\HousecallLauncher64.exe
2014-04-28 12:34 - 2014-04-29 04:51 - 00278282 _____ () C:\Users\Michael\AppData\Local\census.cache
2014-04-28 12:33 - 2014-04-29 04:51 - 00186675 _____ () C:\Users\Michael\AppData\Local\ars.cache
2014-04-28 12:02 - 2014-04-28 12:02 - 00000036 _____ () C:\Users\Michael\AppData\Local\housecall.guid.cache
2014-04-26 21:59 - 2014-05-03 10:37 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-04-26 21:59 - 2014-04-27 16:52 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-04-26 21:59 - 2014-04-27 16:52 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-04-26 21:59 - 2014-04-26 21:59 - 00003802 _____ () C:\Windows\System32\Tasks\Scan the system (Spybot - Search & Destroy)
2014-04-26 21:59 - 2014-04-26 21:59 - 00003448 _____ () C:\Windows\System32\Tasks\Refresh immunization (Spybot - Search & Destroy)
2014-04-26 21:59 - 2014-04-26 21:59 - 00003022 _____ () C:\Windows\System32\Tasks\Check for updates (Spybot - Search & Destroy)
2014-04-26 21:58 - 2014-04-26 22:15 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-26 21:58 - 2014-04-26 21:58 - 00001230 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-26 21:58 - 2014-04-26 21:58 - 00001218 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-26 21:58 - 2014-04-26 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-26 21:58 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-04-26 21:50 - 2014-05-01 19:42 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-04-26 21:50 - 2014-04-26 21:50 - 00001756 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-04-26 21:50 - 2014-04-26 21:50 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\SUPERAntiSpyware.com
2014-04-26 21:50 - 2014-04-26 21:50 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-04-26 21:50 - 2014-04-26 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-04-26 21:23 - 2014-04-26 21:23 - 00009131 _____ () C:\ProgramData\1398565340.9156.bin
2014-04-26 21:23 - 2014-04-26 21:23 - 00002122 _____ () C:\ProgramData\1398565340.11048.bin
2014-04-26 21:23 - 2014-04-26 21:23 - 00000507 _____ () C:\ProgramData\1398565340.6700.bin
2014-04-26 21:23 - 2014-04-26 21:23 - 00000000 ____D () C:\Program Files\Bitdefender
2014-04-26 21:22 - 2014-04-26 21:28 - 00109416 _____ () C:\ProgramData\1398565340.8804.bin
2014-04-26 21:22 - 2014-04-26 21:28 - 00049009 _____ () C:\ProgramData\1398565340.6500.bin
2014-04-26 21:22 - 2014-04-26 21:26 - 00004880 _____ () C:\ProgramData\1398565340.7264.bin
2014-04-26 21:22 - 2014-04-26 21:24 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\QuickScan
2014-04-26 21:22 - 2014-04-26 21:22 - 00013543 _____ () C:\ProgramData\1398565340.6164.bin
2014-04-26 21:22 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-04-26 21:22 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2014-04-25 18:53 - 2014-04-25 18:53 - 00737144 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-24 15:58 - 2014-04-28 20:19 - 00000082 _____ () C:\Windows\system32\mtdozz.cll
2014-04-24 15:48 - 2014-05-03 21:40 - 00037888 _____ () C:\Windows\system32\bqnwx.gmj
2014-04-24 15:47 - 2014-05-03 21:40 - 00000104 _____ () C:\Windows\system32\tkpae.ugg
2014-04-24 15:47 - 2014-04-24 15:47 - 00000064 _____ () C:\Windows\system32\kjtjm.urj
2014-04-24 15:31 - 2014-04-24 15:31 - 00301959 ____S () C:\Windows\system32\ujafzhu.kts
2014-04-11 17:45 - 2014-05-03 11:48 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-11 17:45 - 2014-04-11 17:45 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-11 17:45 - 2014-04-11 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-11 17:45 - 2014-04-11 17:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-11 17:45 - 2014-04-11 17:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-11 17:45 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-11 17:45 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-11 17:45 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-11 17:41 - 2014-04-11 17:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.1.1004.exe

==================== One Month Modified Files and Folders =======

2014-05-03 21:46 - 2014-05-03 21:46 - 00028780 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-05-03 21:46 - 2014-05-03 21:45 - 00000000 ____D () C:\FRST
2014-05-03 21:45 - 2009-04-06 06:44 - 01428335 _____ () C:\Windows\WindowsUpdate.log
2014-05-03 21:44 - 2014-05-03 21:43 - 02062336 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-05-03 21:40 - 2014-04-24 15:48 - 00037888 _____ () C:\Windows\system32\bqnwx.gmj
2014-05-03 21:40 - 2014-04-24 15:47 - 00000104 _____ () C:\Windows\system32\tkpae.ugg
2014-05-03 21:37 - 2011-09-04 20:22 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-03 20:36 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-03 20:36 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-03 15:24 - 2006-11-02 07:46 - 00722772 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-03 14:04 - 2014-05-03 14:04 - 03077584 _____ (Symantec Corporation) C:\Users\Michael\Downloads\NPE.exe
2014-05-03 14:01 - 2014-05-03 13:59 - 00001684 _____ () C:\Users\Michael\Desktop\Rkill.txt
2014-05-03 13:59 - 2014-05-03 13:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Michael\Downloads\rkill.com
2014-05-03 13:59 - 2014-05-03 13:59 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Michael\Downloads\rkill64.com
2014-05-03 13:36 - 2011-09-04 20:22 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-03 11:48 - 2014-04-11 17:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-03 10:37 - 2014-04-26 21:59 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-05-03 10:36 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-02 22:09 - 2009-04-06 06:44 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-05-02 22:09 - 2006-11-02 10:42 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-01 19:42 - 2014-04-26 21:50 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-04-30 10:44 - 2012-03-22 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-30 10:44 - 2009-05-02 18:45 - 00002499 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-30 10:43 - 2009-04-06 07:31 - 00002593 _____ () C:\Users\Public\Desktop\HP MediaSmart.lnk
2014-04-30 10:33 - 2014-04-30 10:33 - 00000984 _____ () C:\Users\Michael\Desktop\Kaspersky Security Scan.lnk
2014-04-30 10:33 - 2014-04-30 10:33 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-04-30 10:32 - 2014-04-30 10:32 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-30 10:32 - 2014-04-30 10:32 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-04-30 10:18 - 2008-01-20 22:26 - 01736792 _____ () C:\Windows\PFRO.log
2014-04-29 19:04 - 2014-04-29 19:04 - 00000000 ____D () C:\SUPERDelete
2014-04-29 19:04 - 2008-11-11 06:34 - 00000000 ____D () C:\Program Files\AWS
2014-04-29 18:45 - 2014-03-29 14:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-29 18:45 - 2010-01-17 19:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-29 04:51 - 2014-04-28 12:34 - 00278282 _____ () C:\Users\Michael\AppData\Local\census.cache
2014-04-29 04:51 - 2014-04-28 12:33 - 00186675 _____ () C:\Users\Michael\AppData\Local\ars.cache
2014-04-28 20:19 - 2014-04-24 15:58 - 00000082 _____ () C:\Windows\system32\mtdozz.cll
2014-04-28 20:15 - 2014-04-28 20:14 - 02405568 _____ (Trend Micro Inc.) C:\Users\Michael\Downloads\HousecallLauncher64(1).exe
2014-04-28 20:13 - 2014-04-28 20:12 - 02405568 _____ (Trend Micro Inc.) C:\Users\Michael\Downloads\HousecallLauncher64.exe
2014-04-28 12:02 - 2014-04-28 12:02 - 00000036 _____ () C:\Users\Michael\AppData\Local\housecall.guid.cache
2014-04-27 22:29 - 2009-05-05 14:38 - 00107008 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-27 16:52 - 2014-04-26 21:59 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-04-27 16:52 - 2014-04-26 21:59 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-04-26 22:25 - 2011-11-12 17:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-26 22:15 - 2014-04-26 21:58 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-26 21:59 - 2014-04-26 21:59 - 00003802 _____ () C:\Windows\System32\Tasks\Scan the system (Spybot - Search & Destroy)
2014-04-26 21:59 - 2014-04-26 21:59 - 00003448 _____ () C:\Windows\System32\Tasks\Refresh immunization (Spybot - Search & Destroy)
2014-04-26 21:59 - 2014-04-26 21:59 - 00003022 _____ () C:\Windows\System32\Tasks\Check for updates (Spybot - Search & Destroy)
2014-04-26 21:58 - 2014-04-26 21:58 - 00001230 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-26 21:58 - 2014-04-26 21:58 - 00001218 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-26 21:58 - 2014-04-26 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-26 21:50 - 2014-04-26 21:50 - 00001756 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-04-26 21:50 - 2014-04-26 21:50 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\SUPERAntiSpyware.com
2014-04-26 21:50 - 2014-04-26 21:50 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-04-26 21:50 - 2014-04-26 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-04-26 21:28 - 2014-04-26 21:22 - 00109416 _____ () C:\ProgramData\1398565340.8804.bin
2014-04-26 21:28 - 2014-04-26 21:22 - 00049009 _____ () C:\ProgramData\1398565340.6500.bin
2014-04-26 21:26 - 2014-04-26 21:22 - 00004880 _____ () C:\ProgramData\1398565340.7264.bin
2014-04-26 21:24 - 2014-04-26 21:22 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\QuickScan
2014-04-26 21:23 - 2014-04-26 21:23 - 00009131 _____ () C:\ProgramData\1398565340.9156.bin
2014-04-26 21:23 - 2014-04-26 21:23 - 00002122 _____ () C:\ProgramData\1398565340.11048.bin
2014-04-26 21:23 - 2014-04-26 21:23 - 00000507 _____ () C:\ProgramData\1398565340.6700.bin
2014-04-26 21:23 - 2014-04-26 21:23 - 00000000 ____D () C:\Program Files\Bitdefender
2014-04-26 21:22 - 2014-04-26 21:22 - 00013543 _____ () C:\ProgramData\1398565340.6164.bin
2014-04-25 18:53 - 2014-04-25 18:53 - 00737144 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-24 15:47 - 2014-04-24 15:47 - 00000064 _____ () C:\Windows\system32\kjtjm.urj
2014-04-24 15:31 - 2014-04-24 15:31 - 00301959 ____S () C:\Windows\system32\ujafzhu.kts
2014-04-21 17:50 - 2010-09-10 17:06 - 00003110 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMichael
2014-04-21 17:50 - 2010-09-10 17:06 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForMichael.job
2014-04-11 18:25 - 2014-01-31 14:55 - 00002025 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-11 17:45 - 2014-04-11 17:45 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-11 17:45 - 2014-04-11 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-11 17:45 - 2014-04-11 17:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-11 17:45 - 2014-04-11 17:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-11 17:41 - 2014-04-11 17:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-04 17:23 - 2009-05-05 14:22 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-03 09:51 - 2014-04-11 17:45 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-11 17:45 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-11 17:45 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-06-15 23:19] - [2009-04-11 02:11] - 0723968 ____A (Microsoft Corporation) 643554F475E0B5E64968AC8B432F4093

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-03 11:04

==================== End Of Log ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2014
Ran by Michael at 2014-05-03 21:47:12
Running from C:\Users\Michael\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
64 Bit HP CIO Components Installer (Version: 3.2.1 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.0.16600 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.0.16600 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.1.82.76 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 5.10.38.14 - Broadcom Corporation)
BufferChm (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2126 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 6.0.2126 - CyberLink Corp.) Hidden
Data Lifeguard Diagnostic for Windows (HKLM-x32\...\{E40CE517-0D42-4198-96B4-C8232B257EB5}) (Version: 1.13 - Western Digital Corporation)
Destination Component (x32 Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DJ_SF_03_D4300_ProductContext (x32 Version: 100.0.215.000 - Hewlett-Packard) Hidden
DJ_SF_03_D4300_Software (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
DJ_SF_03_D4300_Software_Min (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 120.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 12.0.0.0 - Hewlett-Packard) Hidden
Elevated Installer (x32 Version: 2.2.20 - Garmin Ltd or its subsidiaries) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Garmin City Navigator North America NT 2012.20 Update (HKLM-x32\...\{E11CFDDC-6442-4E90-AA6C-B938E6DB0A74}) (Version: 15.20.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}) (Version: 2.9.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{bb5d5c67-2f14-4975-aa41-cecd5b5ddf9a}) (Version: 2.2.20 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.2.20 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.2.20 - Garmin Ltd or its subsidiaries) Hidden
Garmin Lifetime Updater (HKLM-x32\...\{9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521}) (Version: 2.1.11 - Garmin)
Garmin Update Service (x32 Version: 2.2.20 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GPBaseService (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Active Support Library (x32 Version: 3.1.6.1 - Hewlett-Packard) Hidden
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Deskjet D4300 Printer Driver Software 10.0 Rel .3 (HKLM\...\{387D9916-BD27-480f-8CF0-3228832BBAA2}) (Version: 10.0 - HP)
HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.0.0 - Hewlett-Packard Company)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Integrated Module with Bluetooth wireless technology 6.0.1.6204 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6204 - HP)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.0.2126 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 2.0.2126 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2125 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 2.0.2125 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}) (Version: 2.0.8 - Hewlett-Packard)
HP MediaSmart TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 2.0.0924 - Hewlett-Packard)
HP MediaSmart TV (x32 Version: 2.0.0924 - Hewlett-Packard) Hidden
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.0926 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 2.0.0926 - Hewlett-Packard) Hidden
HP MULTIPLE MODEM INSTALLER for VISTA (HKLM-x32\...\{45A136EC-88BF-4B95-99F5-C45D3930E1CC}) (Version: 1.0.0.30 - Hewlett Packard)
HP Officejet 6500 E709 Series (HKLM\...\{FA0F0A01-4631-4161-A6C2-948BF694382E}) (Version: 12.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Photosmart Essential 2.5 (x32 Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Quick Launch Buttons 6.40 H2 (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Total Care Advisor (HKLM-x32\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.4941.2798 - Hewlett-Packard)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HP User Guides 0126 (HKLM-x32\...\{BE78F458-88D3-4894-87E9-54B96D1FFAB6}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.1.0 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
Java™ 6 Update 7 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}) (Version: 12.0.1.340 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 12.0.1.340 - Kaspersky Lab) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0919 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.0919 - CyberLink Corp.) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.1.5.17469 - LeapFrog)
LeapFrog Connect (x32 Version: 5.1.5.17469 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 5.1.10.17623 - LeapFrog) Hidden
LeapFrog Leapster2 Plugin (x32 Version: 5.1.5.17469 - LeapFrog) Hidden
LeapFrog Tag Plugin (x32 Version: 5.1.5.17469 - LeapFrog) Hidden
LightScribe System Software (HKLM-x32\...\{2EC502F7-CBB0-44F8-8F5D-C9A6FC1E5A2A}) (Version: 1.18.4.1 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{FCBE0690-CBE1-4C60-87B0-4A70A6F5434E}) (Version: 1.17.90.1 - LightScribe)
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MarketResearch (x32 Version: 120.0.226.000 - Hewlett-Packard) Hidden
McAfee Agent (HKLM-x32\...\{D107EA80-023A-443C-AA79-1C4B0CB2E227}) (Version: 4.6.0.2988 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.02004 - McAfee, Inc.)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7923 - Memeo Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{6A370610-3778-44AF-9AAC-69B2FD1A3356}) (Version: 3.0.541.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10111.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCSetup (x32 Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
Network64 (Version: 120.0.194.000 - Hewlett-Packard) Hidden
NetZero Preloader (HKLM-x32\...\{352310C3-E46B-42D3-8F32-54721FDD72D9}) (Version: 1.0.0 - NetZero, Inc.)
OCR Software by I.R.I.S. 12.0 (HKLM\...\HPOCR) (Version: 12.0 - HP)
OverDrive Media Console (HKLM-x32\...\{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}) (Version: 3.2.5 - OverDrive, Inc.)
PlayMemories Home (HKLM-x32\...\{3DAFB9F2-B1BF-4163-BE86-1C97F309A2F4}) (Version: 3.1.00.14240 - Sony Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2119 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2119 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2119 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2119 - CyberLink Corp.) Hidden
ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard)
PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
Quicken 2008 (HKLM-x32\...\{3B0F52AC-EF5C-4831-B221-06C782E41280}) (Version: 17.1.4.11 - Intuit)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RealPlayer (HKLM-x32\...\RealPlayer 6.0) (Version:  - RealNetworks)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Scan (x32 Version: 12.0.0.0 - Hewlett-Packard) Hidden
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
Seagate Manager Installer (HKLM-x32\...\InstallShield_{25F31730-1B6C-4E8E-A3B9-818DC0CD961D}) (Version: 2.01.0013 - Seagate)
Seagate Manager Installer (HKLM-x32\...\InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}) (Version: 2.01.0600 - Seagate)
Seagate Manager Installer (x32 Version: 2.01.0600 - Seagate) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 5.8 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.8.158 - Skype Technologies S.A.)
Slingbox - Watch Your TV Anywhere (HKLM-x32\...\{7B798B31-2F33-4DC8-BDA4-D36488E86636}) (Version: 1.0.0 - Sling Media)
SlingPlayer (HKLM-x32\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.04.0206 - Sling Media)
SlingPlayer (x32 Version: 1.04.0206 - Sling Media) Hidden
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SPORE Creature Creator Trial Edition (HKLM-x32\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Status (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
Toolbox (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Unity Web Player (HKLM-x32\...\UnityWebPlayer) (Version: 2.1.0f5_16147 - Unity Technologies ApS)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB2284654) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{FB166E7C-8AA6-48C8-B726-1F25BEE7825A}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB2284654) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{FB166E7C-8AA6-48C8-B726-1F25BEE7825A}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C20964A7-5181-45E5-9E82-72F5D400DEBF}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C20964A7-5181-45E5-9E82-72F5D400DEBF}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{97FF6C46-CE3A-47F6-BA6B-3D743ACA4054}) (Version:  - Microsoft)
Update for Microsoft Office 2007 System (KB2539530) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version:  - Microsoft)
Update for Microsoft Office 2007 System (KB2539530) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{567103D1-96CD-4B76-93B9-2681A187DEFF}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{567103D1-96CD-4B76-93B9-2681A187DEFF}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 (KB980729) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 (KB980729) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2583910) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{BDC21583-5601-4B2B-88F3-7919F6DE8FB1}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin) (HKLM-x32\...\Leapster2Plugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 5.1.5.17469 - LeapFrog)
VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden
WD Drive Manager (x64) (HKLM\...\{D2CBDAE4-0D71-4A61-A565-CA8A26026C6C}) (Version: 2.115 - Western Digital)
WD Drive Utilities (HKLM-x32\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{83270912-15C7-4336-822E-E8F1B1BBCA60}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{22A51951-1F45-4C8A-B888-306527F9C45F}) (Version: 1.6.2.6 - Western Digital)
WeatherBug (HKLM-x32\...\{70DECFBF-9119-4434-B2D3-A3C283D15E45}) (Version: 6.8.2.1 - AWS Convergence Technologies)
WebReg (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.31 - WildTangent)
Windows Driver Package - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0) (HKLM\...\07B260955637F1FF7587ED2AA87459040DD09BF7) (Version: 09/04/2008 2.6.0.0 - ENE)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)

==================== Restore Points  =========================

==================== Hosts content: ==========================

2006-11-02 07:34 - 2014-04-26 22:29 - 00450689 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {15A1F641-A297-4195-8289-28ABFC70551A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1FED03F1-25E0-4623-8829-6F2A8AAFF708} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {37027782-6D3F-45EA-8483-8A81192289EB} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {3F3975EF-7918-45D8-AA5A-EA553827545C} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {72E8B980-6F22-48D0-8B0A-CF5A22993E45} - System32\Tasks\{32E91147-80CC-4B96-B036-7B5EADE0CB57} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-02-29] (Skype Technologies S.A.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {96B735A1-4264-49A0-A8B8-48E068CDEFBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-04] (Google Inc.)
Task: {9C59DAD5-5DCB-4769-946D-C38EED77CB1C} - System32\Tasks\{5B3F48E1-3B84-4CE1-A449-A1BE8C48FB01} => Iexplore.exe http://ui.skype.com/ui/0/5.1.0.112/en/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered
Task: {B7164120-142A-4C25-A81C-5D8C7BB775DA} - System32\Tasks\HPCeeScheduleForMichael => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {D2F4A110-A6AD-41D7-9CD8-885F3C7EDB7C} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {D55CFF0A-24DC-4004-AA84-B3C01ED2F92B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-04] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {ED0EBBA6-A47B-4B0E-97D4-BCE95CFFE343} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMichael.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2008-11-11 06:29 - 2008-06-29 18:10 - 00241734 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-08-15 08:40 - 2013-08-15 08:40 - 00009728 _____ () C:\Program Files (x86)\Garmin\Express Tray\Garmin.Cartography.MapUpdate.Device.DataTypes.dll
2014-01-18 13:45 - 2009-07-20 13:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2011-05-04 16:04 - 2011-05-04 16:04 - 00325344 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
2009-05-05 21:01 - 2009-07-20 05:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 02126264 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 07422392 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 02453944 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 01270200 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 00192952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 00795064 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 20:30 - 2007-04-18 20:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2012-08-14 20:08 - 2012-08-14 20:08 - 00150328 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\WscAv.dll
2014-04-26 21:58 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-04-26 21:58 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-04-26 21:58 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-04-26 21:58 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-04-26 21:58 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-09-05 19:36 - 2011-09-05 19:36 - 00025088 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\imageformats\qgif4.dll
2011-09-05 19:36 - 2011-09-05 19:36 - 00180224 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\imageformats\qjpeg4.dll
2011-05-04 16:04 - 2011-05-04 16:04 - 02896608 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
2011-05-04 16:04 - 2011-05-04 16:04 - 00027360 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2010-03-22 17:59 - 2010-03-22 17:59 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.dll
2010-03-22 17:57 - 2010-03-22 17:57 - 00178176 _____ () C:\Program Files (x86)\Common Files\Memeo\ProfMan.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: Recovery Service for Windows => 2
MSCONFIG\Services: SprintRcAppSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk => C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots.lnk => C:\Windows\pss\Webshots.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CLMLServer for HP TouchSmart => "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: DVDAgent => "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: Garmin Lifetime Updater => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpWirelessAssistant => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: OE => C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QlbCtrl.exe => "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RDVCHG => "C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe"
MSCONFIG\startupreg: Seagate Dashboard => "C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" --silent --no_ui
MSCONFIG\startupreg: SelectRebates => "C:\Program Files (x86)\SelectRebates\SelectRebates.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmartMenu => %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MSCONFIG\startupreg: Sprint SmartView => "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => %ProgramFiles%\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: Trend Micro Titanium => "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
MSCONFIG\startupreg: TrendSecure Remote File Lock => C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
MSCONFIG\startupreg: TSMAgent => "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDIRShortCut => "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
MSCONFIG\startupreg: WD Drive Manager => C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
MSCONFIG\startupreg: Weather => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Officejet 6500 E709n
Description: Officejet 6500 E709n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2014 05:03:21 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/03/2014 05:03:20 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/03/2014 05:03:20 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/03/2014 05:03:20 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/03/2014 05:03:20 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/03/2014 05:03:20 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/03/2014 05:03:20 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/03/2014 05:03:20 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/03/2014 05:03:20 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (05/03/2014 10:37:06 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (05/03/2014 10:42:16 AM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (05/03/2014 10:37:07 AM) (Source: Service Control Manager) (User: )
Description: SRTSP
SRTSPX

Error: (05/03/2014 10:37:07 AM) (Source: Service Control Manager) (User: )
Description: Norton Internet Security%%3

Error: (05/02/2014 05:41:24 PM) (Source: Service Control Manager) (User: )
Description: SRTSP
SRTSPX

Error: (05/02/2014 05:41:24 PM) (Source: Service Control Manager) (User: )
Description: Norton Internet Security%%3

Error: (05/01/2014 07:07:51 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (05/01/2014 07:02:45 PM) (Source: Service Control Manager) (User: )
Description: SRTSP
SRTSPX

Error: (05/01/2014 07:02:10 PM) (Source: Service Control Manager) (User: )
Description: Norton Internet Security%%3

Error: (05/01/2014 04:35:26 PM) (Source: DCOM) (User: )
Description: 1084WDRulesService{C004E60F-2D62-4BE1-98C4-C39A8046B6BB}

Error: (05/01/2014 04:35:26 PM) (Source: DCOM) (User: )
Description: 1068WDBackup{81213AB4-5937-4340-88CD-66B4BC80DF73}

Microsoft Office Sessions:
=========================
Error: (12/19/2013 06:18:08 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 142 seconds with 120 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-05-03 21:47:02.564
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-03 21:47:02.279
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-03 21:47:02.017
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-03 21:47:01.749
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-03 21:47:01.429
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-03 21:47:01.084
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-03 21:47:00.748
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-03 21:47:00.392
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-03 21:46:59.139
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-03 21:46:58.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 65%
Total physical RAM: 4026.25 MB
Available physical RAM: 1371.38 MB
Total Pagefile: 8279.75 MB
Available Pagefile: 5176.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.62 GB) (Free:117.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:12.47 GB) (Free:1.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: CF9BC167)
Partition 1: (Active) - (Size=286 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Tried to run Search: rpcss.dll and got the same logs FRST.txt and Addition.txt no results as Search.txt?  WHat did I do wrong?

 

Thanks



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:33 PM

Posted 04 May 2014 - 05:23 AM

Hello pike steamer

"Tried to run Search: rpcss.dll and got the same logs FRST.txt and Addition.txt no results as Search.txt?"

Means you click on scan again and not on search

I need to see that report to fix your computer


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 pike steamer

pike steamer
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 04 May 2014 - 04:02 PM

Thanks for you patience. 

 

Attached is the Search.txt log

 

Farbar Recovery Scan Tool (x64) Version: 02-05-2014
Ran by Michael at 2014-05-04 15:57:31
Running from C:\Users\Michael\Downloads
Boot Mode: Normal

================== Search: "RPCSS.DLL" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_c7d4f08bf35f3abe\rpcss.dll
[2009-06-15 23:19] - [2009-04-11 02:11] - 0719872 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_c6259b510f93cd21\rpcss.dll
[2009-05-01 21:27] - [2009-03-02 23:59] - 0717824 ____A (Microsoft Corporation) 857E04C16007E60FCC0803239C853E78

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_c5d9dd2ff64839ac\rpcss.dll
[2009-05-01 21:27] - [2009-03-02 23:57] - 0718336 ____A (Microsoft Corporation) 52CDADE8289FF21F1F2215FF51A5F36C

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_c5e9777ff63d6f72\rpcss.dll
[2008-01-20 21:51] - [2008-01-20 21:51] - 0713728 ____A (Microsoft Corporation) FF27BE0BA7B3C48D5C99AFCB56D436C2

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_c47a129912422fc2\rpcss.dll
[2009-05-01 21:27] - [2009-03-02 23:35] - 0724992 ____A (Microsoft Corporation) 54FF562C2710BB610B019D723B16FB2A

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_c3e2cce1f92f2ca2\rpcss.dll
[2009-05-01 21:27] - [2009-03-02 23:40] - 0724992 ____A (Microsoft Corporation) 007F8DE7AC0F9386C3FD2EC7DC87C37A

C:\Windows\System32\rpcss.dll
[2009-06-15 23:19] - [2009-04-11 02:11] - 0723968 ____A (Microsoft Corporation) 643554F475E0B5E64968AC8B432F4093

====== End Of Search ======



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:33 PM

Posted 05 May 2014 - 07:15 AM

Hello pike steamer



I need you to download this script I have made for you --> Attached File  fixlist.txt   603bytes   6 downloads

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 pike steamer

pike steamer
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 05 May 2014 - 10:43 AM

Hello Gringo,

I downloaded the script in the same folder as FRST. I opened the FRST and ran it using the Fix button. The computer said that it needed to shut down and then I got a Black screen. This black screen has been there for 20 minutes so far? Is this what's supposed to happen?

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:33 PM

Posted 05 May 2014 - 10:58 AM

Try and restart the computer and let me know if it comes back up

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 pike steamer

pike steamer
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 05 May 2014 - 11:27 AM

Gringo,

 

I could not get CtrAlt-Del to work.  I powered down and it came up and said Windows did not close properly and it timed out on "start up normally".  The Black screen with the cursor in the middle of the screen came back with nothing else happening.



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:33 PM

Posted 05 May 2014 - 02:52 PM


Hello pike steamer

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First Press the Scan button.
  • It will make a log (FRST.txt)
I want you to poste the FRST.txt report into your reply to me

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 pike steamer

pike steamer
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 05 May 2014 - 04:51 PM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2014 02
Ran by SYSTEM on MINWINPC on 05-05-2014 16:28:29
Running from G:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MaxMenuMgr] => C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-25] (Seagate LLC)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-05-04] (Memeo Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-09-05] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5235128 2012-06-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [103936 2013-07-23] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2534936 2014-02-23] (Sony Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [*FRST] - "C:\Users\Michael\Downloads\FRST64.exe" [2062336 2014-05-03] (Farbar)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\Default\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-09-30] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-09-30] (Hewlett-Packard)
HKU\Michael\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-15] (Garmin Ltd or its subsidiaries)
HKU\Michael\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\Michael\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\Michael\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> C:\Program Files\Webshots\Launcher.exe (Webshots.com)

==================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1e90062d\AESTSr64.exe [89088 2008-06-27] (Andrea Electronics Corporation)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-15] (Garmin Ltd or its subsidiaries)
S2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
S2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-09-05] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [201864 2013-08-10] (McAfee, Inc.)
S2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [210056 2012-08-14] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2013-08-10] (McAfee, Inc.)
S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481816 2014-02-23] (Sony Corporation)
S4 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-06-29] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1e90062d\STacSV64.exe [279040 2008-10-26] (IDT, Inc.)
S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1151424 2012-06-14] (Western Digital )
S2 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [119296 2009-06-26] (WDC)
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
S2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-06-14] (Western Digital )
S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [X]
S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1
S2 RpcSs; %SystemRoot%\system32\rpcss.dll [X]

==================== Drivers (Whitelisted) ====================

S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2010-06-09] (LeapFrog)
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160952 2013-08-10] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [274880 2013-08-10] (McAfee, Inc.)
S3 mfeavfk01; No ImagePath
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [665768 2013-08-10] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2013-08-10] (McAfee, Inc.)
S1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [303464 2013-08-10] (McAfee, Inc.)
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2009-03-31] (Printing Communications Assoc., Inc. (PCAUSA))
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 swmsflt; C:\Windows\System32\DRIVERS\swmsflt.sys [34304 2009-12-02] ()
S3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [202248 2009-12-02] (Sierra Wireless Inc.)
S1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [194640 2010-08-08] (Trend Micro Inc.)
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\EX64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]
S2 TMAgent;
S3 x64kdss; syswow64\Drivers\x64kdss.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-04 12:57 - 2014-05-04 12:59 - 00001821 _____ () C:\Users\Michael\Downloads\Search.txt
2014-05-03 18:47 - 2014-05-03 19:01 - 00054374 _____ () C:\Users\Michael\Downloads\Addition.txt
2014-05-03 18:46 - 2014-05-04 12:57 - 00044033 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-05-03 18:45 - 2014-05-05 07:36 - 00000000 ____D () C:\FRST
2014-05-03 18:43 - 2014-05-03 18:44 - 02062336 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-05-03 11:04 - 2014-05-03 11:04 - 03077584 _____ (Symantec Corporation) C:\Users\Michael\Downloads\NPE.exe
2014-05-03 10:59 - 2014-05-03 11:01 - 00001684 _____ () C:\Users\Michael\Desktop\Rkill.txt
2014-05-03 10:59 - 2014-05-03 10:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Michael\Downloads\rkill.com
2014-05-03 10:59 - 2014-05-03 10:59 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Michael\Downloads\rkill64.com
2014-04-30 07:33 - 2014-04-30 07:33 - 00000984 _____ () C:\Users\Michael\Desktop\Kaspersky Security Scan.lnk
2014-04-30 07:32 - 2014-04-30 07:32 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-30 07:32 - 2014-04-30 07:32 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-04-29 16:04 - 2014-04-29 16:04 - 00000000 ____D () C:\SUPERDelete
2014-04-28 17:14 - 2014-04-28 17:15 - 02405568 _____ (Trend Micro Inc.) C:\Users\Michael\Downloads\HousecallLauncher64(1).exe
2014-04-28 17:12 - 2014-04-28 17:13 - 02405568 _____ (Trend Micro Inc.) C:\Users\Michael\Downloads\HousecallLauncher64.exe
2014-04-28 09:34 - 2014-04-29 01:51 - 00278282 _____ () C:\Users\Michael\AppData\Local\census.cache
2014-04-28 09:33 - 2014-04-29 01:51 - 00186675 _____ () C:\Users\Michael\AppData\Local\ars.cache
2014-04-28 09:02 - 2014-04-28 09:02 - 00000036 _____ () C:\Users\Michael\AppData\Local\housecall.guid.cache
2014-04-26 18:59 - 2014-05-05 07:27 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-04-26 18:59 - 2014-04-27 13:52 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-04-26 18:59 - 2014-04-27 13:52 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-04-26 18:59 - 2014-04-26 18:59 - 00003802 _____ () C:\Windows\System32\Tasks\Scan the system (Spybot - Search & Destroy)
2014-04-26 18:59 - 2014-04-26 18:59 - 00003448 _____ () C:\Windows\System32\Tasks\Refresh immunization (Spybot - Search & Destroy)
2014-04-26 18:59 - 2014-04-26 18:59 - 00003022 _____ () C:\Windows\System32\Tasks\Check for updates (Spybot - Search & Destroy)
2014-04-26 18:58 - 2014-04-26 19:15 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-26 18:58 - 2014-04-26 18:58 - 00001218 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-26 18:58 - 2014-04-26 18:58 - 00001218 _____ () C:\ProgramData\Desktop\Spybot-S&D Start Center.lnk
2014-04-26 18:58 - 2013-09-20 07:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2014-04-26 18:50 - 2014-05-01 16:42 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-04-26 18:50 - 2014-04-26 18:50 - 00001756 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-04-26 18:50 - 2014-04-26 18:50 - 00001756 _____ () C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-04-26 18:50 - 2014-04-26 18:50 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\SUPERAntiSpyware.com
2014-04-26 18:50 - 2014-04-26 18:50 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-04-26 18:23 - 2014-04-26 18:23 - 00009131 _____ () C:\ProgramData\1398565340.9156.bin
2014-04-26 18:23 - 2014-04-26 18:23 - 00002122 _____ () C:\ProgramData\1398565340.11048.bin
2014-04-26 18:23 - 2014-04-26 18:23 - 00000507 _____ () C:\ProgramData\1398565340.6700.bin
2014-04-26 18:23 - 2014-04-26 18:23 - 00000000 ____D () C:\Program Files\Bitdefender
2014-04-26 18:22 - 2014-04-26 18:28 - 00109416 _____ () C:\ProgramData\1398565340.8804.bin
2014-04-26 18:22 - 2014-04-26 18:28 - 00049009 _____ () C:\ProgramData\1398565340.6500.bin
2014-04-26 18:22 - 2014-04-26 18:26 - 00004880 _____ () C:\ProgramData\1398565340.7264.bin
2014-04-26 18:22 - 2014-04-26 18:24 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\QuickScan
2014-04-26 18:22 - 2014-04-26 18:22 - 00013543 _____ () C:\ProgramData\1398565340.6164.bin
2014-04-26 18:22 - 2013-05-28 09:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
2014-04-26 18:22 - 2013-04-22 10:21 - 00148696 _____ (BitDefender LLC) C:\Windows\System32\Drivers\gzflt.sys
2014-04-25 15:53 - 2014-04-25 15:53 - 00737144 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-11 14:45 - 2014-05-03 08:48 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-04-11 14:45 - 2014-04-11 14:45 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-11 14:45 - 2014-04-11 14:45 - 00000941 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-11 14:45 - 2014-04-11 14:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-11 14:45 - 2014-04-11 14:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-11 14:45 - 2014-04-03 06:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-11 14:45 - 2014-04-03 06:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-04-11 14:45 - 2014-04-03 06:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-04-11 14:41 - 2014-04-11 14:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.1.1004.exe

==================== One Month Modified Files and Folders =======

2014-05-05 07:36 - 2014-05-03 18:45 - 00000000 ____D () C:\FRST
2014-05-05 07:36 - 2011-09-04 17:22 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-05 07:36 - 2009-04-06 03:44 - 01436396 _____ () C:\Windows\WindowsUpdate.log
2014-05-05 07:36 - 2009-04-06 03:44 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-05-05 07:36 - 2006-11-02 07:42 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-05 07:36 - 2006-11-02 07:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-05 07:36 - 2006-11-02 07:22 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-05 07:36 - 2006-11-02 07:22 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-05 07:27 - 2014-04-26 18:59 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-05-05 07:26 - 2011-09-04 17:22 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-04 12:59 - 2014-05-04 12:57 - 00001821 _____ () C:\Users\Michael\Downloads\Search.txt
2014-05-04 12:57 - 2014-05-03 18:46 - 00044033 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-05-03 19:01 - 2014-05-03 18:47 - 00054374 _____ () C:\Users\Michael\Downloads\Addition.txt
2014-05-03 18:44 - 2014-05-03 18:43 - 02062336 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-05-03 12:24 - 2006-11-02 04:46 - 00722772 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-05-03 11:04 - 2014-05-03 11:04 - 03077584 _____ (Symantec Corporation) C:\Users\Michael\Downloads\NPE.exe
2014-05-03 11:01 - 2014-05-03 10:59 - 00001684 _____ () C:\Users\Michael\Desktop\Rkill.txt
2014-05-03 10:59 - 2014-05-03 10:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Michael\Downloads\rkill.com
2014-05-03 10:59 - 2014-05-03 10:59 - 01057016 _____ (Bleeping Computer, LLC) C:\Users\Michael\Downloads\rkill64.com
2014-05-03 08:48 - 2014-04-11 14:45 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-05-01 16:42 - 2014-04-26 18:50 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-04-30 07:44 - 2009-05-02 15:45 - 00002499 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-30 07:44 - 2009-05-02 15:45 - 00002499 _____ () C:\ProgramData\Desktop\Skype.lnk
2014-04-30 07:43 - 2009-04-06 04:31 - 00002593 _____ () C:\Users\Public\Desktop\HP MediaSmart.lnk
2014-04-30 07:43 - 2009-04-06 04:31 - 00002593 _____ () C:\ProgramData\Desktop\HP MediaSmart.lnk
2014-04-30 07:33 - 2014-04-30 07:33 - 00000984 _____ () C:\Users\Michael\Desktop\Kaspersky Security Scan.lnk
2014-04-30 07:32 - 2014-04-30 07:32 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-30 07:32 - 2014-04-30 07:32 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-04-30 07:18 - 2008-01-20 19:26 - 01736792 _____ () C:\Windows\PFRO.log
2014-04-29 16:04 - 2014-04-29 16:04 - 00000000 ____D () C:\SUPERDelete
2014-04-29 16:04 - 2008-11-11 03:34 - 00000000 ____D () C:\Program Files\AWS
2014-04-29 15:45 - 2014-03-29 11:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-29 15:45 - 2010-01-17 16:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-29 01:51 - 2014-04-28 09:34 - 00278282 _____ () C:\Users\Michael\AppData\Local\census.cache
2014-04-29 01:51 - 2014-04-28 09:33 - 00186675 _____ () C:\Users\Michael\AppData\Local\ars.cache
2014-04-28 17:15 - 2014-04-28 17:14 - 02405568 _____ (Trend Micro Inc.) C:\Users\Michael\Downloads\HousecallLauncher64(1).exe
2014-04-28 17:13 - 2014-04-28 17:12 - 02405568 _____ (Trend Micro Inc.) C:\Users\Michael\Downloads\HousecallLauncher64.exe
2014-04-28 09:02 - 2014-04-28 09:02 - 00000036 _____ () C:\Users\Michael\AppData\Local\housecall.guid.cache
2014-04-27 19:29 - 2009-05-05 11:38 - 00107008 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-27 13:52 - 2014-04-26 18:59 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-04-27 13:52 - 2014-04-26 18:59 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-04-26 19:25 - 2011-11-12 14:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-26 19:15 - 2014-04-26 18:58 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-26 18:59 - 2014-04-26 18:59 - 00003802 _____ () C:\Windows\System32\Tasks\Scan the system (Spybot - Search & Destroy)
2014-04-26 18:59 - 2014-04-26 18:59 - 00003448 _____ () C:\Windows\System32\Tasks\Refresh immunization (Spybot - Search & Destroy)
2014-04-26 18:59 - 2014-04-26 18:59 - 00003022 _____ () C:\Windows\System32\Tasks\Check for updates (Spybot - Search & Destroy)
2014-04-26 18:58 - 2014-04-26 18:58 - 00001218 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-26 18:58 - 2014-04-26 18:58 - 00001218 _____ () C:\ProgramData\Desktop\Spybot-S&D Start Center.lnk
2014-04-26 18:50 - 2014-04-26 18:50 - 00001756 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-04-26 18:50 - 2014-04-26 18:50 - 00001756 _____ () C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-04-26 18:50 - 2014-04-26 18:50 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\SUPERAntiSpyware.com
2014-04-26 18:50 - 2014-04-26 18:50 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-04-26 18:28 - 2014-04-26 18:22 - 00109416 _____ () C:\ProgramData\1398565340.8804.bin
2014-04-26 18:28 - 2014-04-26 18:22 - 00049009 _____ () C:\ProgramData\1398565340.6500.bin
2014-04-26 18:26 - 2014-04-26 18:22 - 00004880 _____ () C:\ProgramData\1398565340.7264.bin
2014-04-26 18:24 - 2014-04-26 18:22 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\QuickScan
2014-04-26 18:23 - 2014-04-26 18:23 - 00009131 _____ () C:\ProgramData\1398565340.9156.bin
2014-04-26 18:23 - 2014-04-26 18:23 - 00002122 _____ () C:\ProgramData\1398565340.11048.bin
2014-04-26 18:23 - 2014-04-26 18:23 - 00000507 _____ () C:\ProgramData\1398565340.6700.bin
2014-04-26 18:23 - 2014-04-26 18:23 - 00000000 ____D () C:\Program Files\Bitdefender
2014-04-26 18:22 - 2014-04-26 18:22 - 00013543 _____ () C:\ProgramData\1398565340.6164.bin
2014-04-25 15:53 - 2014-04-25 15:53 - 00737144 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-21 14:50 - 2010-09-10 14:06 - 00003110 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMichael
2014-04-21 14:50 - 2010-09-10 14:06 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForMichael.job
2014-04-11 15:25 - 2014-01-31 11:55 - 00002025 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-11 15:25 - 2014-01-31 11:55 - 00002025 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
2014-04-11 14:45 - 2014-04-11 14:45 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-11 14:45 - 2014-04-11 14:45 - 00000941 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-11 14:45 - 2014-04-11 14:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-11 14:45 - 2014-04-11 14:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-11 14:41 - 2014-04-11 14:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.1.1004.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 4026.25 MB
Available physical RAM: 3325.49 MB
Total Pagefile: 3703.46 MB
Available Pagefile: 3306.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.62 GB) (Free:117.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:12.47 GB) (Free:1.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (COMPU) (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: CF9BC167)
Partition 1: (Active) - (Size=286 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 122 MB) (Disk ID: 0B9D77F7)
Partition 1: (Active) - (Size=122 MB) - (Type=06)

LastRegBack: 2014-05-05 10:45

==================== End Of Log ============================



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:33 PM

Posted 06 May 2014 - 07:03 AM


Hello pike steamer

Ok lets see if we can find a replacement for the infected file

Boot back into the recovery Environment and run FRST like you did before

Type the following in the edit box after "Search:".

rpcss.dll

It then should look like:

Search: rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 pike steamer

pike steamer
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 06 May 2014 - 01:02 PM

Hello,

System will not allow me to log into Safe mode with Networking. I get the black screen with a large cursor arrow that can be moved around the screen. Nothing to select.

#14 pike steamer

pike steamer
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 06 May 2014 - 05:03 PM

Farbar Recovery Scan Tool (x64) Version: 05-05-2014 02
Ran by SYSTEM at 2014-05-06 16:42:23
Running from G:\
Boot Mode: Recovery

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_c7d4f08bf35f3abe\rpcss.dll
[2009-06-15 20:19] - [2009-04-10 23:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_c6259b510f93cd21\rpcss.dll
[2009-05-01 18:27] - [2009-03-02 20:59] - 0717824 ____A (Microsoft Corporation) 857E04C16007E60FCC0803239C853E78

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_c5d9dd2ff64839ac\rpcss.dll
[2009-05-01 18:27] - [2009-03-02 20:57] - 0718336 ____A (Microsoft Corporation) 52CDADE8289FF21F1F2215FF51A5F36C

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_c5e9777ff63d6f72\rpcss.dll
[2008-01-20 18:51] - [2008-01-20 18:51] - 0713728 ____A (Microsoft Corporation) FF27BE0BA7B3C48D5C99AFCB56D436C2

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_c47a129912422fc2\rpcss.dll
[2009-05-01 18:27] - [2009-03-02 20:35] - 0724992 ____A (Microsoft Corporation) 54FF562C2710BB610B019D723B16FB2A

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_c3e2cce1f92f2ca2\rpcss.dll
[2009-05-01 18:27] - [2009-03-02 20:40] - 0724992 ____A (Microsoft Corporation) 007F8DE7AC0F9386C3FD2EC7DC87C37A

X:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_c5e9777ff63d6f72\rpcss.dll
[2008-01-19 03:11] - [2008-01-19 03:11] - 0713728 ____A (Microsoft Corporation) FF27BE0BA7B3C48D5C99AFCB56D436C2

X:\Windows\System32\rpcss.dll
[2008-01-18 22:27] - [2008-01-19 00:03] - 0713728 ____A (Microsoft Corporation) FF27BE0BA7B3C48D5C99AFCB56D436C2

====== End Of Search ======



#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:33 PM

Posted 07 May 2014 - 07:47 AM


Hello pike steamer



Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

 
Replace: X:\Windows\System32\rpcss.dll C:\WINDOWS\System32\rpcss.dll
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users